| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-03 00:38:02.639812 | 2016-11-03 00:40:21.152172 | 138 seconds | 2.0-dev |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| win-xp-sp3 | win-xp-sp3 | VirtualBox | 2016-11-03 00:38:02 | 2016-11-03 00:40:20 |
| File name | 100621.pdf |
|---|---|
| File size | 969411 bytes |
| File type | PDF document, version 1.7 |
| CRC32 | C81A14A1 |
| MD5 | e3f5ef4fa17b4e08388ae4b0e2373728 |
| SHA1 | c201fc4252c97aabad9e13e8c4e064708cce150f |
| SHA256 | 5e77d181d45156a17423a7a9d8be59635c3425003a35957f3ccf973bf4a1240b |
| SHA512 | 65142c9d1ed5e76e4f38453bfc49c8211b1c9ca182436e7eb42a766fb2e69f1b60b9c97e3393cedf843884f7c9595d9266678a2b4589074e07edd997a69aaf14 |
| Ssdeep | 12288:ajvrEOfzscDUseU1CWCD/LdDB1LbWDFhg1hfqXT0IakRo6AX0WP1HZ81DKvm9PeY:ajDdfwc3eVD1/MDICgEAEWhLm92nvm |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2016-10-27 07:25:20, Detection Rate: 39/55 |
| File name | 40abf3f5ddc9124c_a9r8152.tmp |
|---|---|
| File size | 358 bytes |
| File type | PDF document, version 1.6 |
| MD5 | cdb6a2cdd16461ec63437a17cedfaf4d |
| SHA1 | 37f55ce6c0f56bdf7e87a2d74af0eb04804774cb |
| SHA256 | 40abf3f5ddc9124cfc30e9edcb23ee761ddba521dd0466ae4fef7b3946aa2f8f |
| SHA512 | 0e0abdf0eb75b8a420e69183912c66229c6b3cc569f0ada12e349f35b0ab9d5df431dbb235f229a26d20eda2ee2b79518bc087139d7107591cd52d805e826b9b |
| Ssdeep | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOu8cQ8c1aCSyAAO:IngVMre9T0HQIDmy9g06JXe8cQ8cMlX |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 219b5f11b968ba89_a9r8153.tmp |
|---|---|
| File size | 358 bytes |
| File type | PDF document, version 1.6 |
| MD5 | ccec7ceed673e1f3e8b39778fec25948 |
| SHA1 | ea25fc95347d51ab0cf3b9fbfd57c5cb41559022 |
| SHA256 | 219b5f11b968ba890956e5e8e3145afe9c999865166e5afd746158700037fce3 |
| SHA512 | 7b5b0a4d9fa4a59465b4fc96af7373cfa810a328bda3d5123bf83b0e278042c4f65898812064cdb2aac6673570940630831a7b85bed067fe3289b4641e271883 |
| Ssdeep | 6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOHtSUQIX3utSUQIX3umCSyAAO:IngVMre9T0HQIDmy9g06JX3gaXdaX+mR |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | b7e552327cfe8c8a_d3d9caps.dat |
|---|---|
| File size | 664 bytes |
| File type | data |
| MD5 | ea798514252ea5c6a690328f132b16b0 |
| SHA1 | b6d61b760d6f7e5ce0d68a4463afa09ee2496680 |
| SHA256 | b7e552327cfe8c8aa42bd3457a853f3c1f9c04f5b41364d818f8cb4435be94e7 |
| SHA512 | 70ef9dd39aca707c4597b84130377c4a3c72fdc8e2e3d28c350917aa1f71a994a3d0306f21381aa81e448e2cdcf6027e864776f98b91b4cdf01c2e416dbedc65 |
| Ssdeep | 3:ZllKbllVnIlqQRi5BBl//lHlljlfltl+lp/5tAalB/AMlGM/JlpllDlHl/lAluoK:8b/+Ni///r1aR5tAanDGM/JuI4llCl |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | d90f507188198a72_adobearm.log |
|---|---|
| File size | 3030 bytes |
| File type | ASCII text, with CRLF, CR line terminators |
| MD5 | 45f6d4a29f72f3ab78db9d464bdae7c4 |
| SHA1 | 90c00e999bfda437076aaef9f17f1f2dad2245d4 |
| SHA256 | d90f507188198a726f2217f5c2aef4185af5bbae7a2e991b8c2206521bff9321 |
| SHA512 | 10e4225bafe13d43f1e807141e5ab60550124d5961ba9297880353282f64ca78f70a42e60ff248d1dcd2984138e1449eec381d64810415fec3dca8bef45e8da1 |
| Ssdeep | 48:ob17Q2eMbJ5d1rogAafH5L1XQmaI7Z5z1DkieM7t5GJL10JAf3NJwwJQJIYJAJJv:ob1kFmJ5d1sNsH5L1A1aZ5z1A52t5m1D |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | a479dd2807cb9817_ArmUI.ini |
|---|---|
| File size | 163994 bytes |
| File type | Little-endian UTF-16 Unicode text, with CRLF line terminators |
| MD5 | 927e703153e62a1cb9a4437659144bda |
| SHA1 | d293a6eb612b6c3bcddeec698e40dbebb5c61879 |
| SHA256 | a479dd2807cb9817ef3ef7a31f3b7582339785e921b4284e55a1387dc38ec770 |
| SHA512 | 0a1d099fccceadb38c7326a9791da18ddeff069600359b415744ae46641b8f041e4a31b00281a996f54b0991dbdf7bdbd0701f6cb71189afd42c207c4631d228 |
| Ssdeep | 3072:kT4CJ4WTbmKk61NmSTBjDT7lV8MztutF4NVxcCXXYAF5CPD:9EYJ |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 2a2e0ba33d793244_usercache.bin |
|---|---|
| File size | 9662 bytes |
| File type | data |
| MD5 | 912bc7140ba3596f83450d830b7c9557 |
| SHA1 | 0bae66884a3e091bd6095923d4add3984f3e8db2 |
| SHA256 | 2a2e0ba33d79324445847a0128ca611fcc50c82a3556fa9a1478405f990843d2 |
| SHA512 | e9e45522441f2dfcfb2cd273be300a0b2add972c62f7496326a3fc5c45e4f318ca4d446ae2676360958429e39b91c1a7ee677a95d710d2936d5d48b1854dc3f1 |
| Ssdeep | 96:stIHhqWwdwlvw5SR73kAUVokJUJ0JMSJ81Wkhg28c1qOeN6hLWjAHo+1rOAq8oNs:sHWwdwlvwsR3UVoLpB+OeN6LWwTAAk8 |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | cd45143589eed4aa_acecache10.lst |
|---|---|
| File size | 1565 bytes |
| File type | data |
| MD5 | 751f3f26ad1d4baaa6c1b54a851f3ff1 |
| SHA1 | b0b1a2263c3688888eafcfca5fd54a1875f0d72b |
| SHA256 | cd45143589eed4aadf9cb930280e99a59088589220addf1125bdfcf9e04db81a |
| SHA512 | c858a2539544075bc6725149758c0e992003dad3ef8bc3486f3ec659ed6dbd326318d3f0f7fca77860bcd0791e1c9d3766dacb6cea4fe690ce536a8dc984051c |
| Ssdeep | 24:ehkFwRfC0yJrZtkRlxFX5C0yJrC3l9XhqXbx8xqdXhqbFBC0yJrZWlV:e/Rq0yZOlY0y0l1heaoVhj0yalV |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| File name | 60927ce9b1e6e4bc_shareddataevents |
|---|---|
| File size | 3072 bytes |
| File type | SQLite 3.x database |
| MD5 | ced3e8a4293014481ed3aa8724cf976e |
| SHA1 | 4cc68cc1cc223e81973f1aa8fe9a938b4b9c08df |
| SHA256 | 60927ce9b1e6e4bc107309d4fccfa46579105c9b212148a3649f3040860bb834 |
| SHA512 | 757bfc9f26bf6a3e60b5a2ea54d326d43d7915e134ea5bc129d5dc8f96284804375db7042020ec7ec3f7d4bc5f557accfae7ee2a25b9c7c69655f0b12b0970ce |
| Ssdeep | 12:HLS0qgtO9OiyopOz2VVXet3aQK+GyMFO+rlhurs7qllZ2301NI4h2:r8Rx/XYKQvGJF7ursClZPfI4c |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-03 00:38:03.331915 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.481915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.481915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.501915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.501915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\AGM.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.552915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ACE.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.562915 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.562915 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.562915 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.562915 | NtOpenFile |
file_handle => 0x0000006c filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 |
SUCCESS | |||
| 2016-11-03 00:38:03.562915 | NtOpenFile |
file_handle => 0x00000070 filepath => C:\WINDOWS\system32\wininet.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.562915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.562915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.562915 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => AcroRd32 module_address => 0x009f0000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | NtOpenFile |
file_handle => 0x000000a0 filepath => C:\WINDOWS\system32\rpcss.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\rpcss.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.572915 | LdrLoadDll |
basename => BIB module_address => 0x07000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Reader\BIB.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.582915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.582915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.582915 | LdrLoadDll |
basename => aiodlite module_address => 0x10000000 flags => 0 module_name => C:\Program Files\Adobe\Reader 9.0\Esl\aiodlite.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.582915 | LdrLoadDll |
basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL |
SUCCESS | |||
| 2016-11-03 00:38:03.582915 | LdrLoadDll |
basename => ieframe module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\ieframe.dll |
FAILURE | |||
| 2016-11-03 00:38:03.582915 | LdrLoadDll |
basename => acrord32 module_address => 0x009f0000 flags => 0 module_name => c:\program files\adobe\reader 9.0\reader\acrord32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.592915 | LdrLoadDll |
basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.592915 | NtOpenFile |
file_handle => 0x000000b0 filepath => C:\Program Files\Adobe\Reader 9.0\Reader\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Reader\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.622915 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.622915 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.622915 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.622915 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.632915 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.632915 | NtCreateFile |
create_disposition => 2 file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0 create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.632915 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.632915 | NtOpenFile |
file_handle => 0x000000bc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.632915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 100 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.642915 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:38:03.642915 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | LdrLoadDll |
basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | LdrLoadDll |
basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f8 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f8 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000f4 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtWriteFile |
buffer => H ¸¸ xW44ëï #Eg‰« ]ˆŠëɟè +H` file_handle => 0x000000f4 offset => 0 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtOpenFile |
file_handle => 0x000000fc filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureEBD7EBD7Offset7E00Length9FF2E4A00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.642915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtCreateFile |
create_disposition => 1 file_handle => 0x000000fc filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x00000100 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:38:03.652915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Common Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | CoUninitialize | SUCCESS | ||||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.652915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.652915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.662915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.662915 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.662915 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.772915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.772915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CIDFont\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.772915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.772915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.772915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.782915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.782915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.782915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.822915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.832915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.842915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.852915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.852915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.852915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.882915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.892915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.892915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.892915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.902915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadCurrency-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.912915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.922915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\SY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000114 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Common Files\Adobe\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\pfm\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.932915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZX______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ZY______.PFB create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\mmm\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.952915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x000000fc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeComFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.962915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Adobe\Fonts\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Common Files\Adobe\Fonts\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst create_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-03 00:38:03.962915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000108 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtOpenFile |
file_handle => 0x00000118 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.962915 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.972915 | NtOpenFile |
file_handle => 0x0000010c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-03 00:38:03.972915 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000010c filepath => C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-03 00:38:03.972915 | NtCreateFile |
create_disposition => 5 file_handle => 0x000000fc filepath => C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\ardi\Application Data\Adobe\Acrobat\9.0\UserCache.bin create_options => 96 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-03 00:38:03.972915 | NtWriteFile | buffer => 4 67 75 FID.1:o: :F:ArialMT P:Arial L:$  "F:Arial # 89 FID.1:o: :F:Arial-ItalicMT P:Arial Italic L:$  ÿ "F:Arial # 85 FID.1:o: :F:Arial-BoldMT P:Arial Bold L:$ ¼ "F:Arial # 98 FID.1:o: :F:Arial-BoldItalicMT P:Arial Bold Italic L:$ ¼ ÿ "F:Arial # 91 FID.1:o: :F:Arial-Black P:Arial Black L:- „ "F:Arial Black # 95 FID.1:o: :F:ComicSansMS P:Comic Sans MS L:-  BF:Comic Sans MS # 105 FID.1:o: :F:ComicSansMS-Bold P:Comic Sans MS Bold L:- ¼ BF:Comic Sans MS # 94 FID.1:o: :F:CourierNewPSMT P:Courier New L:$  1F:Courier New # 108 FID.1:o: :F:CourierNewPS-ItalicMT P:Courier New Italic L:$  ÿ 1F:Courier New # 104 FID.1:o: :F:CourierNewPS-BoldMT P:Courier New Bold L:$ ¼ 1F:Courier New # 117 FID.1:o: :F:CourierNewPS-BoldItalicMT P:Courier New Bold Italic L:$ ¼ ÿ 1F:Courier New # 84 FID.1:k: :P:C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd.otf # 92 FID.1:k: :P:C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf # 89 FID.1:k: :P:C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf # 96 FID.1:k: :P:C:\Program Files\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf # 108 FID.1:o: :F:EstrangeloEdessa P:Estrangelo Edessa L:  BF:Estrangelo Edessa # 123 FID.1:o: :F:FranklinGothic-Medium P:Franklin Gothic Medium L:$  "F:Franklin Gothic Medium # 136 FID.1:o: :F:FranklinGothic-MediumItalic P:Franklin Gothic Medium Italic L:$  ÿ "F:Franklin Gothic Medium # 79 FID.1:o: :F:Gautami P:Gautami L:8  F:Gautami # 79 FID.1:o: :F:Georgia P:Georgia L:$  F:Georgia # 93 FID.1:o: :F:Georgia-Italic P:Georgia Italic L:$  ÿ F:Georgia # 89 FID.1:o: :F:Georgia-Bold P:Georgia Bold L:$ ¼ F:Georgia # 102 FID.1:o: :F:Georgia-BoldItalic P:Georgia Bold Italic L:$ ¼ ÿ F:Georgia # 76 FID.1:o: :F:Impact P:Impact L:' |